What do we consider medium risk?
Medium-risk companies have a potential for a targeted attack. This means they likely have some attractive data, they have some attractive partners, or they have a decent-sized data footprint. So they’re targeted because of the data they have or the access they have. Even small companies can have access to very sensitive data. Take a law firm as an example—the legal industry collects a lot of data about people. They keep a lot of information and personal information that could be utilized to do both identity theft and fraud, they also potentially have links to other “more interesting” partners.
What do we consider high risk?
High-risk companies are generally the ones that are targeted by nation state or organized crime actors. This generally means they have a lot of money, assets, or data. Examples here would be financial services companies, people with healthcare data, people with a great deal of personal data or sensitive Intellectual Property or anybody working on sensitive IP, or anybody involved in infrastructures like power and energy. All of this data could make an adversary a good deal of money or provide them with a good deal of control.
So when you start to look at risk, look at where your customers fit in these categories. Once you’ve done this you can plan to apply a certain level of remediation that’s appropriate to that risk category.
There are three key categories to consider when planning your remediation strategies: people, processes, and technology.
I go into these in more detail in the full webinar below—as well as providing more insight into how to manage and mitigate risk.
Tim Brown is VP of Security for SolarWinds MSP. He has over 20 years of experience developing and implementing security technology, including identity and access management, vulnerability assessment, security compliance, threat research, vulnerability management, encryption, managed security services, and cloud security. Tim’s experience has made him an in-demand expert on cybersecurity, and has taken him from meeting with members of Congress and the Senate to the Situation Room in the White House. Additionally, Tim has been central in driving advancements in identity frameworks, has worked with the US government on security initiatives, and holds 18 patents on security-related topics.